VID 21162
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The web server is vulnerable to a security problem in PHP-Nuke (bb_smilies.php).
The vulnerability is caused by inadequate processing of queries in PHP-Nuke's bb_smilies.php, which allows the contents of any chosen file to be returned with the privileges of the web server. A similar vulnerability in the same PHP program allows execution of arbitrary commands with the privileges of the web server by changing the password of the administrator of bb_smilies.
Recommendation Change the following lines in both bb_smilies.php and bbcode_ref.php:

// Theme path is built directly from the stored user value
if ($userdata[9] != '') $themes = "themes/$userdata[9]/theme.php";
else $themes = "themes/$Default_Theme/theme.php";

To:
if ($userdata[9] != '') $themes = "themes/$userdata[9]/theme.php";
else $themes = "themes/$Default_Theme/theme.php";
// Refuse a path whose file name is not theme.php or that does not exist
if (!(strstr(basename($themes), "theme.php")) || !(file_exists($themes))) {
    echo "Invalid Theme";
    exit;
}
include("$themes");

Or upgrade to the latest version (Version 4.4.1 and above).
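
A stricter form of the theme check in the recommendation above, as an added example that is not PHP-Nuke's code or this advisory's patch. The basename() test looks only at the last path component, so this version also restricts the theme name to a plain directory name and confirms that the canonical path stays under the themes directory. resolve_theme(), the themes root argument and the sample theme name NukeNews are assumptions made for illustration.

```php
<?php
// Added example, not PHP-Nuke code. resolve_theme() and $themesRoot are
// hypothetical; the inputs correspond to the page's $userdata[9] and $Default_Theme.

function resolve_theme(string $requested, string $default, string $themesRoot): string
{
    // Fall back to the default theme when no user theme is stored.
    $name = ($requested !== '') ? $requested : $default;

    // Accept a plain directory name only: no slashes, dots or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('Invalid Theme');
    }

    // Canonicalise both paths; realpath() returns false if the file is missing.
    $root = realpath($themesRoot);
    $path = realpath($themesRoot . '/' . $name . '/theme.php');
    if ($root === false || $path === false) {
        throw new InvalidArgumentException('Invalid Theme');
    }

    // After symlink resolution the file must still be <root>/<name>/theme.php.
    $expected = $root . DIRECTORY_SEPARATOR . $name . DIRECTORY_SEPARATOR . 'theme.php';
    if ($path !== $expected) {
        throw new InvalidArgumentException('Invalid Theme');
    }
    return $path; // safe to pass to include
}

// Constructed demonstration: a throwaway themes tree and a few sample values.
$root = sys_get_temp_dir() . '/themes_demo_' . getmypid();
@mkdir($root . '/NukeNews', 0700, true);
file_put_contents($root . '/NukeNews/theme.php', "<?php // constructed sample theme\n");

foreach (['NukeNews', '', '..', 'sub/dir', "NukeNews\0", 'missing'] as $candidate) {
    try {
        $file = resolve_theme($candidate, 'NukeNews', $root);
        echo var_export($candidate, true), " -> include $file\n";
    } catch (InvalidArgumentException $e) {
        echo var_export($candidate, true), ' -> ', $e->getMessage(), "\n";
    }
}

// Remove the constructed sample files.
unlink($root . '/NukeNews/theme.php');
rmdir($root . '/NukeNews');
rmdir($root);
```

Only the first two sample values resolve to a file; the rest are rejected before any include takes place.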
Related URL CVE-2001-0320 (CVE)
Related URL 2422 (SecurityFocus)
Related URL 6183 (ISS)